Vulnerability-Lookup

CVE-2021-25748 (GCVE-0-2021-25748)

Vulnerability from cvelistv5 – Published: 2023-05-24 00:00 – Updated: 2025-01-16 21:23

Title

Ingress-nginx `path` sanitization can be bypassed with newline character

Summary

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L

CWE

CWE-20 - Improper Input Validation

Assigner

kubernetes

References

URL

	Vendor	Product	Version
	Kubernetes	Kubernetes ingress-nginx	Affected: unspecified , < 1.2.1 (custom)

FKIE_CVE-2021-25748

Vulnerability from fkie_nvd - Published: 2023-05-24 17:15 - Updated: 2024-11-21 05:55

Severity ?

7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
jordan@liggitt.net	https://github.com/kubernetes/ingress-nginx/issues/8686	Issue Tracking, Mitigation, Vendor Advisory
jordan@liggitt.net	https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8	Mailing List, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kubernetes/ingress-nginx/issues/8686	Issue Tracking, Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8	Mailing List, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	kubernetes	ingress-nginx	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43BDC85-F198-4126-B487-21F6C3667561",
              "versionEndExcluding": "1.2.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
    }
  ],
  "id": "CVE-2021-25748",
  "lastModified": "2024-11-21T05:55:20.377",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "jordan@liggitt.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-24T17:15:09.253",
  "references": [
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
    },
    {
      "source": "jordan@liggitt.net",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
    }
  ],
  "sourceIdentifier": "jordan@liggitt.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "jordan@liggitt.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2021-25748

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-25748

Aliases

CVE-2021-25748

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-25748",
    "id": "GSD-2021-25748",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-25748.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-25748"
      ],
      "details": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.",
      "id": "GSD-2021-25748",
      "modified": "2023-12-13T01:23:21.663973Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@kubernetes.io",
        "DATE_PUBLIC": "2022-06-10T16:00:00.000Z",
        "ID": "CVE-2021-25748",
        "STATE": "PUBLIC",
        "TITLE": "Ingress-nginx `path` sanitization can be bypassed with newline character"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Kubernetes ingress-nginx",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "1.2.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Kubernetes"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Gafnit Amiga"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8",
            "refsource": "MISC",
            "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
          },
          {
            "name": "https://github.com/kubernetes/ingress-nginx/issues/8686",
            "refsource": "MISC",
            "url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
          }
        ]
      },
      "source": {
        "defect": [
          "https://github.com/kubernetes/ingress-nginx/issues/8686"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003cv1.2.1",
          "affected_versions": "All versions before 1.2.1",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-20",
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-06-01",
          "description": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.",
          "fixed_versions": [
            "v1.2.1"
          ],
          "identifier": "CVE-2021-25748",
          "identifiers": [
            "CVE-2021-25748"
          ],
          "not_impacted": "All versions starting from 1.2.1",
          "package_slug": "go/github.com/kubernetes/ingress-nginx",
          "pubdate": "2023-05-24",
          "solution": "Upgrade to version 1.2.1 or above.",
          "title": "Improper Input Validation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-25748",
            "https://github.com/kubernetes/ingress-nginx/issues/8686",
            "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
          ],
          "uuid": "5667ef15-bae3-4428-bd1f-20d8775b14e5",
          "versions": []
        },
        {
          "affected_range": "\u003c1.2.1",
          "affected_versions": "All versions before 1.2.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-05-24",
          "description": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.",
          "fixed_versions": [
            "1.2.1"
          ],
          "identifier": "CVE-2021-25748",
          "identifiers": [
            "GHSA-863x-868h-968x",
            "CVE-2021-25748"
          ],
          "not_impacted": "All versions starting from 1.2.1",
          "package_slug": "go/k8s.io/ingress-nginx",
          "pubdate": "2023-05-24",
          "solution": "Upgrade to version 1.2.1 or above.",
          "title": "Ingress-nginx `path` sanitization can be bypassed with newline character",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-25748",
            "https://github.com/kubernetes/ingress-nginx/issues/8686",
            "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8",
            "https://github.com/kubernetes/ingress-nginx/pull/8623",
            "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.2.1",
            "https://github.com/advisories/GHSA-863x-868h-968x"
          ],
          "uuid": "321e58ac-dbce-4cb7-8132-565b293b1f9c"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:kubernetes:ingress-nginx:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.2.1",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@kubernetes.io",
          "ID": "CVE-2021-25748"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kubernetes/ingress-nginx/issues/8686",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
            },
            {
              "name": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8",
              "refsource": "MISC",
              "tags": [
                "Mailing List",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-06-01T20:44Z",
      "publishedDate": "2023-05-24T17:15Z"
    }
  }
}

GHSA-863X-868H-968X

Vulnerability from github – Published: 2023-05-24 18:30 – Updated: 2023-06-02 23:35

Summary

Ingress-nginx `path` sanitization can be bypassed with newline character

Details

A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the spec.rules[].http.paths[].path field of an Ingress object (in the networking.k8s.io or extensions API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.

Severity ?

6.5 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/ingress-nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-25748"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-24T21:55:34Z",
    "nvd_published_at": "2023-05-24T17:15:09Z",
    "severity": "MODERATE"
  },
  "details": "A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster.",
  "id": "GHSA-863x-868h-968x",
  "modified": "2023-06-02T23:35:19Z",
  "published": "2023-05-24T18:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25748"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/issues/8686"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/pull/8623"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/ingress-nginx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.2.1"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/avaRYa9c7I8"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Ingress-nginx `path` sanitization can be bypassed with newline character"
}

CERTFR-2024-AVI-0781

Vulnerability from certfr_avis - Published: 2024-09-16 - Updated: 2024-10-15

De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Juniper Networks	Junos OS Evolved	Junos OS Evolved versions antérieures à 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO
Juniper Networks	Junos OS	Junos OS versions antérieures à 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1
Juniper Networks	BBE Cloud Setup	BBE Cloudsetup versions antérieures à 2.1.0

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper Networks JSA75756	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82975	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82977	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82971	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA79175	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82974	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75746	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75759	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA75750	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA79101	2024-09-13	vendor-advisory
Bulletin de sécurité Juniper Networks JSA82973	2024-09-13	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Junos OS Evolved versions ant\u00e9rieures \u00e0 20.4R3-S7-EVO, 21.2R3-S7-EVO, 21.2R3-S8-EVO, 21.3R3-S5-EVO, 21.4R3-S5-EVO, 21.4R3-S7-EVO, 22.1R3-S4-EVO, 22.1R3-S5-EVO, 22.2R3-EVO, 22.2R3-S2-EVO, 22.2R3-S3-EVO, 22.2R3-S4-EVO, 22.3R2-EVO, 22.3R2-S2-EVO, 22.3R3-S1-EVO, 22.3R3-S2-EVO, 22.3R3-S3-EVO, 22.4R2-EVO, 22.4R3-EVO, 22.4R3-S1-EVO, 22.4R3-S2-EVO, 23.2R1-EVO, 23.2R1-S2-EVO, 23.2R2-EVO, 23.2R2-S1-EVO, 23.4R1-EVO, 23.4R1-S1-EVO, 23.4R2-EVO et 24.2R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Junos OS versions ant\u00e9rieures \u00e0 20.4R3-S9, 21.2R3-S6, 21.2R3-S7, 21.2R3-S8, 21.3R3-S5, 21.4R3-S4, 21.4R3-S5, 21.4R3-S7, 22.1R3-S3, 22.1R3-S4, 22.1R3-S5, 22.2R3-S2, 22.2R3-S3, 22.2R3-S4, 22.3R2-S2, 22.3R3, 22.3R3-S1, 22.3R3-S2, 22.3R3-S3, 22.4R2-S2, 22.4R3, 22.4R3-S2, 23.2R1-S1, 23.2R1-S2, 23.2R2, 23.4R1, 23.4R1-S1, 23.4R2 et 24.2R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "BBE Cloudsetup versions ant\u00e9rieures \u00e0 2.1.0",
      "product": {
        "name": "BBE Cloud Setup",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2023-0216",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0216"
    },
    {
      "name": "CVE-2024-21618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21618"
    },
    {
      "name": "CVE-2023-0401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0401"
    },
    {
      "name": "CVE-2023-28841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28841"
    },
    {
      "name": "CVE-2023-28840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28840"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2024-39524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39524"
    },
    {
      "name": "CVE-2020-15861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15861"
    },
    {
      "name": "CVE-2015-5621",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5621"
    },
    {
      "name": "CVE-2023-3817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3817"
    },
    {
      "name": "CVE-2014-2310",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2310"
    },
    {
      "name": "CVE-2024-39523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39523"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2020-15862",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15862"
    },
    {
      "name": "CVE-2023-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4807"
    },
    {
      "name": "CVE-2019-20892",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20892"
    },
    {
      "name": "CVE-2022-4886",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4886"
    },
    {
      "name": "CVE-2023-5363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5363"
    },
    {
      "name": "CVE-2022-23525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23525"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2023-0466",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0466"
    },
    {
      "name": "CVE-2024-21605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21605"
    },
    {
      "name": "CVE-2023-0465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0465"
    },
    {
      "name": "CVE-2022-4203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4203"
    },
    {
      "name": "CVE-2022-23524",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23524"
    },
    {
      "name": "CVE-2023-0217",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0217"
    },
    {
      "name": "CVE-2015-8100",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8100"
    },
    {
      "name": "CVE-2024-21615",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21615"
    },
    {
      "name": "CVE-2021-25746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25746"
    },
    {
      "name": "CVE-2023-0464",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0464"
    },
    {
      "name": "CVE-2008-6123",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-6123"
    },
    {
      "name": "CVE-2023-28842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28842"
    },
    {
      "name": "CVE-2021-25748",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25748"
    },
    {
      "name": "CVE-2023-25173",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25173"
    },
    {
      "name": "CVE-2023-33953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33953"
    },
    {
      "name": "CVE-2022-23526",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23526"
    },
    {
      "name": "CVE-2014-2285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2285"
    },
    {
      "name": "CVE-2024-21609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21609"
    },
    {
      "name": "CVE-2024-39522",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39522"
    },
    {
      "name": "CVE-2023-25153",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-25153"
    },
    {
      "name": "CVE-2022-4450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4450"
    },
    {
      "name": "CVE-2023-32732",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-32732"
    },
    {
      "name": "CVE-2024-39517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39517"
    },
    {
      "name": "CVE-2023-4785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-4785"
    },
    {
      "name": "CVE-2012-6151",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6151"
    },
    {
      "name": "CVE-2024-39521",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39521"
    },
    {
      "name": "CVE-2024-39512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39512"
    },
    {
      "name": "CVE-2023-1255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-1255"
    },
    {
      "name": "CVE-2021-44225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44225"
    },
    {
      "name": "CVE-2024-39553",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39553"
    },
    {
      "name": "CVE-2024-39520",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-39520"
    },
    {
      "name": "CVE-2022-23471",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-23471"
    },
    {
      "name": "CVE-2014-3565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3565"
    },
    {
      "name": "CVE-2023-2975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-2975"
    },
    {
      "name": "CVE-2023-5043",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5043"
    },
    {
      "name": "CVE-2023-3446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-3446"
    },
    {
      "name": "CVE-2021-25745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-25745"
    },
    {
      "name": "CVE-2018-18065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-18065"
    }
  ],
  "initial_release_date": "2024-09-16T00:00:00",
  "last_revision_date": "2024-10-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0781",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-09-16T00:00:00.000000"
    },
    {
      "description": "Correction d\u0027identifiants CVE erron\u00e9s",
      "revision_date": "2024-10-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
  "vendor_advisories": [
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75756",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-A-low-privileged-user-can-access-confidential-information-CVE-2024-21615"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82975",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-CLI-parameter-processing-issues-allowing-privilege-escalation-resolved"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82977",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-User-is-not-logged-out-when-the-console-cable-is-disconnected-CVE-2024-39512"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82971",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-BBE-Cloudsetup-Multiple-vulnerabilities-resolved-in-2-1-0-release"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79175",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Upon-processing-specific-L2-traffic-rpd-can-hang-in-devices-with-EVPN-VXLAN-configured-CVE-2024-39517"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82974",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-OpenSSL-3-0-12"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75746",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-SRX-300-Series-Specific-link-local-traffic-causes-a-control-plane-overload-CVE-2024-21605"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75759",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA75750",
      "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-MX-Series-with-SPC3-and-SRX-Series-If-specific-IPsec-parameters-are-negotiated-iked-will-crash-due-to-a-memory-leak-CVE-2024-21609"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA79101",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-Evolved-Receipt-of-arbitrary-data-when-sampling-service-is-enabled-leads-to-partial-Denial-of-Service-DoS-CVE-2024-39553"
    },
    {
      "published_at": "2024-09-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks JSA82973",
      "url": "https://supportportal.juniper.net/s/article/2024-07-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-vulnerabilities-resolved-in-net-SNMP-5-9-4"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-25748 (GCVE-0-2021-25748)

FKIE_CVE-2021-25748

GSD-2021-25748

GHSA-863X-868H-968X

CERTFR-2024-AVI-0781

Solutions

Tags

Sightings

Nomenclature